Commit 9897fba

Support token_endpoint_auth_signing_alg_values_supported DuendeSoftware/foss#203
1 parent 538a5ee commit 9897fba

1 file changed: +58 -6 lines changed

src/content/docs/identitymodel/endpoints/discovery.md

Lines changed: 58 additions & 6 deletions
@@ -4,21 +4,22 @@ description: Documentation for using the OpenID Connect discovery endpoint clien
44
sidebar:
55
order: 2
66
label: Discovery
7+
badge:
8+
text: v7.1
9+
variant: tip
710
redirect_from:
811
- /foss/identitymodel/endpoints/discovery/
912
---
1013

1114
The client library for the [OpenID Connect discovery
1215
endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html) is
1316
provided as an extension method for `HttpClient`. The
14-
`GetDiscoveryDocumentAsync` method returns a `DiscoveryResponse` object
17+
`GetDiscoveryDocumentAsync` method returns a `DiscoveryDocumentResponse` object
1518
that has both strong and weak typed accessors for the various elements
1619
of the discovery document.
1720

1821
You should always check the `IsError` and `Error` properties before
19-
accessing the contents of the document.
20-
21-
Example:
22+
accessing the contents of the document:
2223

2324
```csharp
2425
var client = new HttpClient();
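Review bot: The `badge` with `text: v7.1` added under `sidebar` (new lines 7-9) tags the whole Discovery page as v7.1, while the context lines show the page and its `GetDiscoveryDocumentAsync` material already existed before this commit. If only the signing-algorithm property named in the commit subject is new in that version, state that next to the property in the body so readers on older versions can tell which parts still apply to them.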
@@ -27,7 +28,7 @@ var disco = await client.GetDiscoveryDocumentAsync("https://demo.duendesoftware.
2728
if (disco.IsError) throw new Exception(disco.Error);
2829
```
2930

30-
Standard elements can be accessed by using properties:
31+
[Standard elements](#discoverydocumentresponse-properties-reference) can be accessed by using properties:
3132

3233
```csharp
3334
var tokenEndpoint = disco.TokenEndpoint;
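Review bot: The fragment `#discoverydocumentresponse-properties-reference` on new line 31 is derived from the heading text added at new line 153, so rewording that heading later will break this link. Consider verifying the fragment in the docs build or keeping the heading text fixed.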
@@ -61,7 +62,7 @@ By default, the discovery response is validated before it is returned to the cli
6162
- enforce the existence of a keyset
6263

6364
Policy violation errors will set the `ErrorType` property on the
64-
`DiscoveryResponse` to `PolicyViolation`.
65+
`DiscoveryDocumentResponse` to `PolicyViolation`.
6566

6667
All the standard validation rules can be modified using the
6768
`DiscoveryPolicy` class, e.g. disabling the issuer name check:
@@ -148,3 +149,54 @@ services.AddSingleton<IDiscoveryCache>(r =>
148149
return new DiscoveryCache(Constants.Authority, () => factory.CreateClient());
149150
});
150151
```
152+
153+
### DiscoveryDocumentResponse Properties Reference
154+
155+
The following table lists the standard properties on the `DiscoveryDocumentResponse` class:
156+
157+
| Property | Description |
158+
|-------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
159+
| Policy | Gets or sets the discovery policy used to configure how the discovery document is processed |
160+
| KeySet | Gets or sets the JSON Web Key Set (JWKS) associated with the discovery document |
161+
| MtlsEndpointAliases | Gets the mutual TLS (mTLS) endpoint aliases |
162+
| Issuer | Gets the issuer identifier for the authorization server |
163+
| AuthorizeEndpoint | Gets the authorization endpoint URL |
164+
| TokenEndpoint | Gets token endpoint URL |
165+
| UserInfoEndpoint | Gets user info endpoint URL |
166+
| IntrospectionEndpoint | Gets the introspection endpoint URL |
167+
| RevocationEndpoint | Gets the revocation endpoint URL |
168+
| DeviceAuthorizationEndpoint | Gets the device authorization endpoint URL |
169+
| BackchannelAuthenticationEndpoint | Gets the backchannel authentication endpoint URL |
170+
| JwksUri | Gets the URI of the JSON Web Key Set (JWKS) |
171+
| EndSessionEndpoint | Gets the end session endpoint URL |
172+
| CheckSessionIframe | Gets the check session iframe URL |
173+
| RegistrationEndpoint | Gets the dynamic client registration (DCR) endpoint URL |
174+
| PushedAuthorizationRequestEndpoint | Gets the pushed authorization request (PAR) endpoint URL |
175+
| FrontChannelLogoutSupported | Gets a flag indicating whether front-channel logout is supported |
176+
| FrontChannelLogoutSessionSupported | Gets a flag indicating whether a session ID (sid) parameter is supported at the front-channel logout endpoint |
177+
| GrantTypesSupported | Gets the supported grant types |
178+
| CodeChallengeMethodsSupported | Gets the supported code challenge methods |
179+
| ScopesSupported | Gets the supported scopes |
180+
| SubjectTypesSupported | Gets the supported subject types |
181+
| ResponseModesSupported | Gets the supported response modes |
182+
| ResponseTypesSupported | Gets the supported response types |
183+
| ClaimsSupported | Gets the supported claims |
184+
| TokenEndpointAuthenticationMethodsSupported | Gets the authentication methods supported by the token endpoint |
185+
| TokenEndpointAuthenticationSigningAlgorithmsSupported | Gets the signing algorithms supported by the token endpoint for client authentication |
186+
| BackchannelTokenDeliveryModesSupported | Gets the supported backchannel token delivery modes |
187+
| BackchannelUserCodeParameterSupported | Gets a flag indicating whether the backchannel user code parameter is supported |
188+
| RequirePushedAuthorizationRequests | Gets a flag indicating whether the use of pushed authorization requests (PAR) is required |
189+
| IntrospectionSigningAlgorithmsSupported | Gets the signing algorithms supported for introspection responses |
190+
| IntrospectionEncryptionAlgorithmsSupported | Gets the encryption "alg" values supported for encrypted JWT introspection responses |
191+
| IntrospectionEncryptionEncValuesSupported | Gets the encryption "enc" values supported for encrypted JWT introspection responses |
192+
| Scopes | The list of scopes associated to the token or an empty array if no `scope` claim is present |
193+
| ClientId | The client identifier for the OAuth 2.0 client that requested the token or `null` if the `client_id` claim is missing |
194+
| UserName | The human-readable identifier for the resource owner who authorized the token or `null` if the `username` claim is missing |
195+
| TokenType | The type of the token as defined in section 5.1 of OAuth 2.0 (RFC6749) or `null` if the `token_type` claim is missing |
196+
| Expiration | The expiration time of the token or `null` if the `exp` claim is missing |
197+
| IssuedAt | The issuance time of the token or `null` if the `iat` claim is missing |
198+
| NotBefore | The validity start time of the token or `null` if the `nbf` claim is missing |
199+
| Subject | The subject of the token or `null` if the `sub` claim is missing |
200+
| Audiences | The service-specific list of string identifiers representing the intended audience for the token or an empty array if no `aud` claim is present |
201+
| Issuer | The string representing the issuer of the token or `null` if the `iss` claim is missing |
202+
| JwtId | The string identifier for the token or `null` if the `jti` claim is missing |
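Review bot: The last eleven rows of the new table (`Scopes` through `JwtId`, new lines 192-202) describe claims of a token ("or `null` if the `exp` claim is missing") rather than discovery metadata, and `Issuer` now appears twice with two different descriptions (new lines 162 and 201). These rows read as if they belong to another response type's reference; please confirm they are members of `DiscoveryDocumentResponse` and drop them from this table if they are not. Separately, the row for `TokenEndpointAuthenticationSigningAlgorithmsSupported` is the subject of the commit but does not name the metadata field `token_endpoint_auth_signing_alg_values_supported`; putting the field name in the description lets readers match the property to what the server publishes when deciding which algorithm to sign client assertions with.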
